First few Article Sentences
Are you Prepared for Potential Changes to the Privacy Rule?
Under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy of Individually Identifiable Health Information (Privacy Rule), covered entities (payers, insurers, hospitals, physicians, and other healthcare providers) must act on an individual’s request for access to their health records within 30 days. However, in December of 2020, the United States Department of Health and Human Services (HHS) issued a notice of proposed changes to modify multiple standards within the Privacy Rule, including shortening covered entities’ required response time to fulfilling a patient’s request for copies of their Protected Health Information (PHI) to no later than 15 calendar days.
Although this proposal aims to increase permissible disclosures of PHI and improve patients’ care coordination and case management, these changes may drastically change healthcare entities’ current health information management procedures and workflow. Those that do not adapt quickly (entities will have 180 days to make necessary modifications) to comply with the potential Privacy Rule changes could be at increased risk of HIPAA fines and settlements.